The Guardian

Monitoring devices and tracking software available to buy from popular websites, warn victims’ groups

Stalkers are monitoring their victims’ movements and conversations using bugging and tracking devices as well as spyware and covert phone apps easily bought online, victims’ groups have warned.

These devices and software allow stalkers to track their victims, listen to their phone calls, or turn on their computer’s camera remotely to watch them – and are sold so cheaply on popular websites and stores that stalking is becoming “legitimised”, the groups have warned.

If your stalker knows more than they should, they could be bugging you

In the spring of 2016, I was told that the Democratic National Committee had been hacked, probably by Russians. Immediately, I was concerned that the campaign I managed, Hillary for America, had been hacked too. We wouldn’t know for months whether it had (to the best of our current knowledge, it never was, although private accounts of campaign staff and advisers were). In the days afterwards, we needed a way to have conversations that would be guaranteed not to leak – including ones relating to the hack itself. When the stolen information was exploited to generate news coverage or concoct “fake news” – such as that Democratic operatives were running a sex ring out of a pizza parlour – we learned some hard lessons in why privacy really matters. I worry the current rhetoric around encryption is ignoring that lesson.

The deputy attorney general, Rod Rosenstein, has called for “responsible encryption” that would allow officials to unlock encrypted data with a warrant. Christopher Wray, the director of the FBI, recently said that lack of access to encrypted smartphones was a “major public safety issue”. In the UK, the home secretary, Amber Rudd, has repeatedly said that encryption is a “problem”. And on the face of it, having more tools for law enforcement makes sense.

By creating a vulnerability, you’re creating an opportunity for adversaries to break in

Thousands of sites, including NHS services and the ICO, hijacked by rogue code

Thousands of websites, including those belonging to NHS services, the Student Loans Company and several English councils, have been infected by malware that forces visitors’ computers to mine cryptocurrency while using the site.

Late on Sunday, the website of the UK’s data protection watchdog, the Information Commissioner’s Office, was taken down to deal with the issue after it was reportedly infected by the malware.

The ease with which giant databases can be queried and cross-referenced makes privacy vanish on the internet

Privacy is necessary for human society to function. The problem is not that the information exists but that it reaches the wrong people. Information on the internet could bring great benefits to society, and to individuals, when huge datasets can be refined to yield information otherwise unavailable. But once the information is gathered, a precautionary principle has to apply. It is too much of a stretch to agree with John Perry Barlow, the internet rights pioneer who died this week, when he quipped that “relying on the government to protect your privacy is like asking a peeping tom to install your window blinds”; but it does not help when it appears that everything the public sector does with the huge datasets it has will be overseen by the minister for fun.

Governments need to keep our trust; but technology erodes privacy in two ways. The first is simply smartphones. Most Britons – 70% – now carry around with them devices which record and report their location, their friends and their interests all the time. The second is the ease with which two (or more) datasets can be combined to bring out secrets that are apparent in neither set on its own, and to identify individuals from data that appears to be entirely anonymised. By the beginning of this century researchers had established that nearly 90% of the US population could be uniquely identified simply by combining their gender, their date of birth and their postal code. All kinds of things can be reliably inferred from freely available data: four likes on Facebook are usually enough to reveal a person’s sexual orientation.

WHOIS, one of oldest tools on internet for verifying real identities, at risk of being killed due to tough new GDPR regulations

Sweeping new European data protection regulations may have the accidental effect of protecting scammers and spammers by killing the WHOIS system used to link misdeeds online to real identities offline, security experts have warned.

The General Data Protection Regulation (GDPR), which comes into effect in May, contains a raft of measures intended to strengthen data protection for Europeans. But some of the new rights and responsibilities will conflict with decades-old technologies that have provided much-needed transparency on the internet, says Raj Samani, the chief scientist at cybersecurity firm McAfee.

The European Union's new stronger, unified data protection laws, the General Data Protection Regulation (GDPR), will come into force on 25 May 2018, after more than six years in the making.

Assessments after WannaCry attack reveal vulnerabilities across whole of health system

Every NHS trust assessed for cyber security vulnerabilities has failed to meet the standard required, civil servants have said for the first time.

In a parliamentary hearing on the WannaCry attack which disrupted parts of the NHS last year, Department of Health (DoH) officials said all 200 trusts had failed, despite increases in security provision.

John has an old Sony Vaio PC that seems unlikely to receive a firmware update. Should he replace it?

My Microsoft Surface Book is protected against the Meltdown and Spectre security flaws, but my Sony Vaio Pro remains vulnerable to Spectre. Both laptops run Windows 10 and have been updated via Windows Update. The Surface Book’s BIOS has also been updated by Microsoft, but there is no BIOS update for the Vaio – and, I suspect, for millions of other machines.

What is the risk of continuing to run the Vaio with this known critical vulnerability? Is there another way to mitigate it? Or, in the end, do thousands of people have to dump otherwise good machines and buy new ones? John Piatt

It’s too soon to say. Bear in mind that, so far, there are no known exploits for these vulnerabilities, so the current level of risk is low. Companies will try to defend against threats as and when they appear. In the short term, we’ll just have to see how well that goes.